[RayPesek]

To expand upon dbedit's response, this error usually is seen when traffic that you thought was going down the VPN in fact is not. It's commonly seen when an implied rule accepts the traffic. Since the implied rule is always before any of your rules and before any VPN rules, it can cause odd quirks like this.

Hopefully you do not really have those DNS implied rules active because they open up your internal network's DNS servers in a manner you probably did not intend. They used to be checked by default in 4.0, and I know they are un-checked in NG by default. BTW, with 4.0, I believe they could be used to touch any server on your internal network simply my using port 53 for something other than DNS.

If you do disable them, make sure you have other DNS rules in place or things are going to break...

Ray